Galxe Protocol Compromised: Over $160k Drained

Galxe's website suffered a security breach, leading to a phishing attack and funds being stolen. Similar to a previous incident, the attacker may have ties to Russia.

Oct 7, 2023 - 13:15
Oct 19, 2023 - 13:41
Galxe Protocol Compromised: Over $160k Drained
Reading time - 2 min

On October 6th, Galxe's website went offline for approximately an hour. The company promptly reported on X (formerly known as Twitter) that its website was down, and within 40 minutes, confirmed a security breach affecting its Domain Name System (DNS) record. They cautioned users against visiting the domain until the issue was resolved. Even after the website's restoration, some users reported that Google had blocked it. 

A Web3 cybersecurity service pinpointed the nature of the attack, explaining that Galxe's DNS records were maliciously modified to redirect users to a phishing website designed to drain users' wallets. Crypto detective ZachXBT highlighted that funds were being siphoned from Galxe, with the associated wallet continuing to accumulate funds even after the website's restoration. By 17:15 UTC, the stolen amount was approximately $160,000, as per DeBank.

ZachXBT drew parallels between the Galxe exploit and a previous attack on the Balancer protocol on September 19th. This was the second time Balancer had been targeted within a month. The Balancer team had described the incident as a social engineering attack on its DNS server, executed by a crypto wallet drainer known as Angel Drainer. SlowMist, a blockchain security firm, hinted at the attacker's possible association with Russia.

A spokesperson for Galxe reached out with a statement:

“The Galxe website is offline. We will bring it back online once the correct DNS records are propagated globally. Your funds and information are safe as long as no approval of any transaction on Galxe has been made in the past 8 hrs. We took back the domain ownership at 9am PST, October 6th, and enhanced the security protection of the account with domain registrar service Dynadot. In our efforts to address this situation, we have engaged with the appropriate law enforcement authorities." 

The third quarter of 2023 witnessed a dramatic surge in losses to Web3 projects compared to Q3 2022. A report from the security platform Immunefi highlighted a year-on-year increase in attacks from 30% to 76%. The total losses for Q3 2023 approached a staggering $686 million. The most significant loss during this period was attributed to the Mixin hack on September 25th.

Philip Bohmer Philip is a seasoned journalist that brings clarity to the complex world of cryptocurrencies through his articulate and insightful articles. His passion for blockchain technology fuels his writing, making him a trusted voice in the rapidly evolving digital currency landscape.